CVE-2020-2253

Description

Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server.

Affected products

• Jenkins Project / Jenkins Email Extension Pluginunspecified – 2.75
• Jenkins Project / Jenkins Email Extension Plugin2.69.1 – 2.69.1
• Jenkins Project / Jenkins Email Extension Plugin2.68.1 – 2.68.1

References

• MISChttps://www.jenkins.io/security/advisory/2020-09-16/#SECURITY-1851
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2020/09/16/3